dependabot-bundler 0.317.0 → 0.318.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/bundler/package/package_details_fetcher.rb +47 -42
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2893c2182ca7aad9c1ab46333536daf31a7253a08c01b3a84f422622118aeebd
|
|
4
|
+
data.tar.gz: ddffd70d6df0a1f77370bc93fe36bb92604f44353b8ed1ddcc317aabc5986de0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 97aa8b394311211a8ce25b920e8c230d8f4b75489f1f3ee90180796a9ccf6ab2b146d501bebeb44194f83737b0af620647ab52e789ea84f0ba4509667ce5aac0
|
|
7
|
+
data.tar.gz: 54a4b721000eba54bee7d8608d0269858f1477ab67f4b8f560c96c37c6e1f1f884995c0705531e44d48051fe534518f31d5d675c105fb3c0cb73c58f3a779e65
|
|
@@ -21,16 +21,12 @@ module Dependabot
|
|
|
21
21
|
require_relative "../update_checker/shared_bundler_helpers"
|
|
22
22
|
include Dependabot::Bundler::UpdateChecker::SharedBundlerHelpers
|
|
23
23
|
|
|
24
|
-
RELEASES_URL = "
|
|
25
|
-
GEM_URL = "
|
|
24
|
+
RELEASES_URL = "%s/api/v1/versions/%s.json"
|
|
25
|
+
GEM_URL = "%s/gems/%s.gem"
|
|
26
26
|
PACKAGE_TYPE = "gem"
|
|
27
27
|
PACKAGE_LANGUAGE = "ruby"
|
|
28
28
|
APPLICATION_JSON = "application/json"
|
|
29
|
-
|
|
30
29
|
RUBYGEMS = "rubygems"
|
|
31
|
-
PRIVATE_REGISTRY = "private"
|
|
32
|
-
GIT = "git"
|
|
33
|
-
OTHER = "other"
|
|
34
30
|
|
|
35
31
|
sig do
|
|
36
32
|
params(
|
|
@@ -58,15 +54,7 @@ module Dependabot
|
|
|
58
54
|
|
|
59
55
|
sig { returns(Dependabot::Package::PackageDetails) }
|
|
60
56
|
def fetch
|
|
61
|
-
|
|
62
|
-
return rubygems_versions unless gemfile
|
|
63
|
-
|
|
64
|
-
case source_type
|
|
65
|
-
when OTHER, GIT, PRIVATE_REGISTRY
|
|
66
|
-
package_details([])
|
|
67
|
-
else
|
|
68
|
-
rubygems_versions
|
|
69
|
-
end
|
|
57
|
+
rubygems_versions
|
|
70
58
|
end
|
|
71
59
|
|
|
72
60
|
private
|
|
@@ -127,15 +115,39 @@ module Dependabot
|
|
|
127
115
|
# ]
|
|
128
116
|
sig { returns(Dependabot::Package::PackageDetails) }
|
|
129
117
|
def rubygems_versions
|
|
130
|
-
|
|
131
|
-
|
|
118
|
+
registry_url = get_url_from_dependency(dependency) || "https://rubygems.org"
|
|
119
|
+
|
|
120
|
+
# TODO: Github private registry support
|
|
121
|
+
# registry_url = "https://rubygems.pkg.github.com/#{OWNER_NAME}"
|
|
122
|
+
# Corresponding API URL:
|
|
123
|
+
# curl -H "Accept: application/json" \
|
|
124
|
+
# -H "Authorization: Bearer <<TOKEN>>" \
|
|
125
|
+
# https://api.github.com/orgs/dsp-testing/packages/rubygems/json/version
|
|
126
|
+
parsed_url = begin
|
|
127
|
+
URI.parse(registry_url)
|
|
128
|
+
rescue URI::InvalidURIError
|
|
129
|
+
raise "Invalid registry URL: #{registry_url}"
|
|
130
|
+
end
|
|
131
|
+
return package_details([]) if parsed_url.host == "rubygems.pkg.github.com"
|
|
132
|
+
|
|
133
|
+
response = registry_json_response_for_dependency(registry_url)
|
|
134
|
+
|
|
135
|
+
unless response.status == 200
|
|
136
|
+
error_details = "Status: #{response.status}"
|
|
137
|
+
error_message = "Failed to fetch versions for '#{dependency.name}' from '#{registry_url}'. #{error_details}"
|
|
138
|
+
Dependabot.logger.info(error_message)
|
|
139
|
+
return package_details([])
|
|
140
|
+
end
|
|
141
|
+
|
|
142
|
+
registry_url = get_url_from_dependency(dependency) || "https://rubygems.org" # Get registry_url
|
|
132
143
|
|
|
133
144
|
package_releases = JSON.parse(response.body).map do |release|
|
|
145
|
+
gem_name_with_version = "#{@dependency.name}-#{release['number']}"
|
|
134
146
|
package_release(
|
|
135
147
|
version: release["number"],
|
|
136
148
|
released_at: Time.parse(release["created_at"]),
|
|
137
149
|
downloads: release["downloads_count"],
|
|
138
|
-
url: GEM_URL
|
|
150
|
+
url: format(GEM_URL, registry_url, gem_name_with_version),
|
|
139
151
|
ruby_version: release["ruby_version"]
|
|
140
152
|
)
|
|
141
153
|
end
|
|
@@ -143,9 +155,23 @@ module Dependabot
|
|
|
143
155
|
package_details(package_releases)
|
|
144
156
|
end
|
|
145
157
|
|
|
146
|
-
sig { returns(
|
|
147
|
-
def
|
|
148
|
-
|
|
158
|
+
sig { params(dependency: T.untyped).returns(T.nilable(String)) }
|
|
159
|
+
def get_url_from_dependency(dependency)
|
|
160
|
+
return nil unless dependency&.requirements&.any?
|
|
161
|
+
|
|
162
|
+
first_requirement = dependency.requirements.first
|
|
163
|
+
return nil unless first_requirement && first_requirement[:source]
|
|
164
|
+
|
|
165
|
+
url = T.let(first_requirement[:source][:url], T.nilable(String))
|
|
166
|
+
return nil unless url
|
|
167
|
+
|
|
168
|
+
url.end_with?("/") ? url.chop : url
|
|
169
|
+
end
|
|
170
|
+
|
|
171
|
+
sig { params(registry_url: T.nilable(String)).returns(Excon::Response) }
|
|
172
|
+
def registry_json_response_for_dependency(registry_url = "https://rubygems.org")
|
|
173
|
+
url = format(RELEASES_URL, registry_url, dependency.name)
|
|
174
|
+
|
|
149
175
|
Dependabot::RegistryClient.get(
|
|
150
176
|
url: url,
|
|
151
177
|
headers: { "Accept" => APPLICATION_JSON }
|
|
@@ -157,27 +183,6 @@ module Dependabot
|
|
|
157
183
|
Requirement.new(req_string)
|
|
158
184
|
end
|
|
159
185
|
|
|
160
|
-
sig { returns(String) }
|
|
161
|
-
def source_type
|
|
162
|
-
@source_type ||= begin
|
|
163
|
-
return @source_type = RUBYGEMS unless gemfile
|
|
164
|
-
|
|
165
|
-
@source_type = in_a_native_bundler_context do |tmp_dir|
|
|
166
|
-
NativeHelpers.run_bundler_subprocess(
|
|
167
|
-
bundler_version: bundler_version,
|
|
168
|
-
function: "dependency_source_type",
|
|
169
|
-
options: {}, # options,
|
|
170
|
-
args: {
|
|
171
|
-
dir: tmp_dir,
|
|
172
|
-
gemfile_name: gemfile.name,
|
|
173
|
-
dependency_name: dependency.name,
|
|
174
|
-
credentials: credentials
|
|
175
|
-
}
|
|
176
|
-
)
|
|
177
|
-
end
|
|
178
|
-
end
|
|
179
|
-
end
|
|
180
|
-
|
|
181
186
|
sig { override.returns(String) }
|
|
182
187
|
def bundler_version
|
|
183
188
|
@bundler_version ||= T.let(Helpers.bundler_version(lockfile), T.nilable(String))
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.318.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.318.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.318.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: parallel
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -322,7 +322,7 @@ licenses:
|
|
|
322
322
|
- MIT
|
|
323
323
|
metadata:
|
|
324
324
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
325
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
325
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.318.0
|
|
326
326
|
rdoc_options: []
|
|
327
327
|
require_paths:
|
|
328
328
|
- lib
|